diff --git a/.trivyignore b/.trivyignore
index 1ac14484c..4c82aff5d 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -10,3 +10,6 @@
 # Suppression for h2 2.1.214 password on command line vulnerability
 #   can be suppressed as we only run h2 locally and not on build environments
 CVE-2022-45868
+# Suppression for CVE-2024-50379 as this affects the default tomcat servlet that we don't include.
+# This is suppressed in dps-gradle-spring-boot.
+CVE-2024-50379
diff --git a/build.gradle.kts b/build.gradle.kts
index 62146ac95..4de0359a2 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -4,6 +4,7 @@ plugins {
   id("org.jetbrains.kotlin.plugin.jpa") version "2.0.10"
   id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.9"
   id("jacoco")
+  id("project-report")
 }
 
 configurations {